护照JWT Express未经授权
[英]Passport JWT Express Unauthorized
问题描述
I have Express as backend and am trying to add authentication using Passport.js. 
我有Express作为后端,并且正在尝试使用Passport.js添加身份验证。 I want to authenticate by password only - and a unique password located in /config/main named key: 我只想通过密码进行身份验证-和位于/ config / main named key中的唯一密码:
I can generate JWT by sending a POST request via /authenticate, But I cannot access the app using that JWT and I am getting ERROR 401 with Unauthorized written in Postman. 我可以通过/ authenticate发送POST请求来生成JWT,但是我无法使用该JWT访问应用程序,并且收到Postman编写的ERROR 401 Unauthorized消息。 My files : 我的文件 :
passport.js 护照
var JwtStrategy = require('passport-jwt').Strategy;
var ExtractJwt = require('passport-jwt').ExtractJwt;
var LocalStrategy = require('passport-local');
var config = require('./main');
var pass = config.key;
// Setup work and export for the JWT passport strategy
module.exports = function(passport) {
var opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
opts.secretOrKey = config.secret;
// opts.issuer = "accounts.examplesoft.com";
// opts.audience = "yoursite.net";
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
if (jwt_payload.key === pass) {
return done(null, password);
} else {
return done(null, false);
// or you could create a new account
}
}));
};
app.js app.js
// Initialize passport for use
app.use(passport.initialize());
// Bring in defined Passport Strategy
require('./config/passport')(passport);
var mainConfig = require('./config/main');
var key = mainConfig.key;
var pass = mainConfig.password;
// Authenticate the user and get a JSON Web Token to include in the header of future requests.
router.post('/authenticate', function(req, res) {
var token = jwt.sign({
key:'pass'
}, mainConfig.secret, { expiresIn: '24h' });
res.json({ success: true, token: 'JWT ' + token });
// Enable CORS from client-side
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header('Access-Control-Allow-Methods', 'PUT, GET, POST, DELETE, OPTIONS');
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Credentials");
res.header("Access-Control-Allow-Credentials", "true");
next();
});
router.get('/home', passport.authenticate('jwt', { session: false }), function(req, res) {
});
// Set url for API group routes
app.use('/react', router);
What am I doing wrong? 我究竟做错了什么? Please let me know so I could improve my code and go further with my website. 请让我知道,以便我可以改善代码并进一步访问我的网站。 I am new to authentication feature, so please explain what I did wrong. 我是身份验证功能的新手,所以请解释我做错了什么。
1 个解决方案
解决方案1
2 2017-01-14 17:53:42
Fixed it! 修复! The problem was that the response I got was: 问题是我得到的答复是:
{ "success": true, "token": "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJwYXNzIiwiaWF0IjoxNDg0NDE1MzA4LCJleHAiOjE0ODQ1MDE3MDh9.Wb00qRygYnrpFTx2zs6o037i3UNiwRtmrrXFVhVYM04" } “
and I copied and pasted the token without the JWT beginning 然后我在没有JWT开始的情况下复制并粘贴了令牌
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.